On Dec 17, 2008, at 1:35 PM, Kenneth Christiansen wrote:
The problem here is that repaintContentRectangle auments (d-
>m_repaintRects.append(r)) the items in m_repaintRects or clears it
(d->m_repaintRects.clear()), thus the size of m_repaintRects[]
changes while iterating it, which can result in a crash.
Well no, that append will only happen if m_deferringRepaints is non-
zero, and the loop in endDeferredRepaints only runs if if
m_deferringRepaints is zero.
Maybe your test case shows some bug in that logic?
-- Darin
_______________________________________________
webkit-dev mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
